Forums / Developer / Protecting User Register - Administration Interface.

Protecting User Register - Administration Interface.

« 
Previous topic
|
Developer
|
Next topic
 »
Author Message

John Smith

Friday 27 November 2009 12:54:16 am

Hi guys,

Hope someone can help me. What is the best way to protect the following URL from public.

http://www.xxxx.com/xx_admin/user/register

I dont want to disable registration module for administration interface.

Cheers,

Damien Pobel

Friday 27 November 2009 1:11:39 pm

Hi John,

you could try to add the following lines to the site.ini.append.php file of siteaccesses where you want to disable user/register view :

[SiteAccessRules]
Rules[]
Rules[]=access;enable
Rules[]=moduleall
Rules[]=access;disable
Rules[]=module;user/register

Cheers

Damien
Planet eZ Publish.fr : http://www.planet-ezpublish.fr
Certification : http://auth.ez.no/certification/verify/372448
Publications about eZ Publish : http://pwet.fr/tags/keywords/weblog/ez_publish

John Smith

Saturday 28 November 2009 2:12:32 am

Cheers, mate, I do not want to disable the registration view, looking to protect it from certain IP addresses.

Anybody else please?

Damien Pobel

Saturday 28 November 2009 3:15:26 am

I don't think you cannot do that directly in eZ Publish without modifiying kernel/user/register.php or by writing your own view in an extension to register users.

If you use Apache, you can also set up some rewrite rules that filters the access to /user/register based on the IP.

Damien
Planet eZ Publish.fr : http://www.planet-ezpublish.fr
Certification : http://auth.ez.no/certification/verify/372448
Publications about eZ Publish : http://pwet.fr/tags/keywords/weblog/ez_publish

Sylvain Gogel

Monday 30 November 2009 2:15:12 pm

I agree with Damien, it's not something you can easily acheave at application level, but Apache rewrite rules can do.

At ezpublish you can create your own register module that will call the user/register view and add a security check before running if.

--
http://www.ecedi.fr
Agence Web, Créa/Conseils, Accessibilité
eZPublish, Drupal, Zend, Symfony

John Smith

Tuesday 08 December 2009 4:21:13 am

So this means, there is no way we can protect the following URL from Anonymous Users in out of the box solution.

http://www.xxx.com/xx_admin/user/register

Anyone can register if you know the URL...

EzCrew any possible quick solution?

Gaetano Giunta

Tuesday 08 December 2009 7:29:43 am

it's about roles and policies - to block anon user registration you will have to alter some settings in an override of sinte.ini.

Search for this text in the default site.ini for more details:

 # A list of module or module/views that don't require user login
AnonymousAccessList[]

Principal Consultant International Business
Member of the Community Project Board

eZ debug

Timing: Jan 18 2025 11:20:01
Script start
Timing: Jan 18 2025 11:20:01
Module start 'content'
Timing: Jan 18 2025 11:20:02
Module end 'content'
Timing: Jan 18 2025 11:20:02
Script end

Main resources:

Total runtime1.0491 sec
Peak memory usage4,096.0000 KB
Database Queries210

Timing points:

CheckpointStart (sec)Duration (sec)Memory at start (KB)Memory used (KB)
Script start 0.00000.0114 587.8594180.8125
Module start 'content' 0.01140.8958 768.6719667.9063
Module end 'content' 0.90720.1418 1,436.5781341.0547
Script end 1.0490  1,777.6328 

Time accumulators:

 Accumulator Duration (sec) Duration (%) Count Average (sec)
Ini load
Load cache0.00460.4346210.0002
Check MTime0.00150.1464210.0001
Mysql Total
Database connection0.00170.158010.0017
Mysqli_queries0.937989.40472100.0045
Looping result0.00230.21462080.0000
Template Total1.007596.020.5037
Template load0.00230.219220.0012
Template processing1.005195.810320.5026
Template load and register function0.00020.022110.0002
states
state_id_array0.00100.091010.0010
state_identifier_array0.00230.218620.0011
Override
Cache load0.00200.1910350.0001
Sytem overhead
Fetch class attribute can translate value0.00190.184350.0004
Fetch class attribute name0.00120.1159100.0001
XML
Image XML parsing0.00390.371550.0008
class_abstraction
Instantiating content class attribute0.00000.0024110.0000
General
dbfile0.00890.8473390.0002
String conversion0.00000.001030.0000
Note: percentages do not add up to 100% because some accumulators overlap

CSS/JS files loaded with "ezjscPacker" during request:

CacheTypePacklevelSourceFiles
CSS0extension/community/design/community/stylesheets/ext/jquery.autocomplete.css
extension/community_design/design/suncana/stylesheets/scrollbars.css
extension/community_design/design/suncana/stylesheets/tabs.css
extension/community_design/design/suncana/stylesheets/roadmap.css
extension/community_design/design/suncana/stylesheets/content.css
extension/community_design/design/suncana/stylesheets/star-rating.css
extension/community_design/design/suncana/stylesheets/syntax_and_custom_tags.css
extension/community_design/design/suncana/stylesheets/buttons.css
extension/community_design/design/suncana/stylesheets/tweetbox.css
extension/community_design/design/suncana/stylesheets/jquery.fancybox-1.3.4.css
extension/bcsmoothgallery/design/standard/stylesheets/magnific-popup.css
extension/sevenx/design/simple/stylesheets/star_rating.css
extension/sevenx/design/simple/stylesheets/libs/fontawesome/css/all.min.css
extension/sevenx/design/simple/stylesheets/main.v02.css
extension/sevenx/design/simple/stylesheets/main.v02.res.css
JS0extension/ezjscore/design/standard/lib/yui/3.17.2/build/yui/yui-min.js
extension/ezjscore/design/standard/javascript/jquery-3.7.0.min.js
extension/community_design/design/suncana/javascript/jquery.ui.core.min.js
extension/community_design/design/suncana/javascript/jquery.ui.widget.min.js
extension/community_design/design/suncana/javascript/jquery.easing.1.3.js
extension/community_design/design/suncana/javascript/jquery.ui.tabs.js
extension/community_design/design/suncana/javascript/jquery.hoverIntent.min.js
extension/community_design/design/suncana/javascript/jquery.popmenu.js
extension/community_design/design/suncana/javascript/jScrollPane.js
extension/community_design/design/suncana/javascript/jquery.mousewheel.js
extension/community_design/design/suncana/javascript/jquery.cycle.all.js
extension/sevenx/design/simple/javascript/jquery.scrollTo.js
extension/community_design/design/suncana/javascript/jquery.cookie.js
extension/community_design/design/suncana/javascript/ezstarrating_jquery.js
extension/community_design/design/suncana/javascript/jquery.initboxes.js
extension/community_design/design/suncana/javascript/app.js
extension/community_design/design/suncana/javascript/twitterwidget.js
extension/community_design/design/suncana/javascript/community.js
extension/community_design/design/suncana/javascript/roadmap.js
extension/community_design/design/suncana/javascript/ez.js
extension/community_design/design/suncana/javascript/ezshareevents.js
extension/sevenx/design/simple/javascript/main.js

Templates used to render the page:

UsageRequested templateTemplateTemplate loadedEditOverride
1node/view/full.tplfull/forum_topic.tplextension/sevenx/design/simple/override/templates/full/forum_topic.tplEdit templateOverride template
7content/datatype/view/ezxmltext.tpl<No override>extension/community_design/design/suncana/templates/content/datatype/view/ezxmltext.tplEdit templateOverride template
8content/datatype/view/ezxmltags/paragraph.tpl<No override>extension/ezwebin/design/ezwebin/templates/content/datatype/view/ezxmltags/paragraph.tplEdit templateOverride template
4content/datatype/view/ezimage.tpl<No override>extension/sevenx/design/simple/templates/content/datatype/view/ezimage.tplEdit templateOverride template
2content/datatype/view/ezxmltags/literal.tpl<No override>extension/community/design/standard/templates/content/datatype/view/ezxmltags/literal.tplEdit templateOverride template
1pagelayout.tpl<No override>extension/sevenx/design/simple/templates/pagelayout.tplEdit templateOverride template
 Number of times templates used: 23
 Number of unique templates used: 6

Time used to render debug report: 0.0002 secs